
Fortify Software Composition Analysis

Third-party components make up a significant portion of many applications’ codebase, making Software Composition Analysis (SCA) a "must-have" AppSec capability. Fortify SCA, powered by Sonatype, goes beyond a single comparison of declared dependencies against the National Vulnerability Database (NVD) by using natural language processing to dynamically monitor every commit and vulnerability site.

360° view of application security

Enforce open source policy and control risk across every phase of the SDLC. Have a comprehensive bill of materials, including security vulnerabilities and license details.

Single scan for custom and open source code

Combine static application security testing (SAST) and software composition analysis (SCA) into a single scan, run directly in the IDE or in the CI/CD pipeline.

Open source and custom code vulnerabilities in a single dashboard

With Fortify on Demand or Software Security Center, have integrated results from SAST and SCA delivered to one platform for fast remediation, comprehensive reporting, and rich analytics.

Reduce known vulnerability false positives

Susceptibility Analysis shows which open source issues are actually invoked by the application and which are controllable, so teams avoid manual auditing and months of effort spent upgrading libraries that bring no security benefit.

Best of breed research teams coming together

Gain the combined knowledge and guidance of two of the industry’s leading research teams. With superior and accurate detection, actionable guidance for remediation, and the widest footprint of languages and frameworks, the Fortify Software Security Research team and Sonatype Nexus Intelligence are the best of both worlds in a unified solution.

Related Products


Fortify on Demand

Fortify on Demand offers a complete application Security as a Service (AppSec SaaS) solution.


Fortify Static Code Analyzer

Fortify Static Code Analyzer identifies exploitable security vulnerabilities in source code.


Fortify Software Security Center

Fortify Software Security Center integrates and automates application security testing.

Fortify SCA demo

The combination of Fortify and Sonatype means you can truly prioritize your open source issues, from scanning to remediation.

release-rel-2022-1-2-7091 | Wed Jan 19 20:14:11 PST 2022